CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-20179

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：42 | 回复：0
CVE-2021-27208

When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in fro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：63 | 回复：0
CVE-2021-26923

An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：58 | 回复：0
CVE-2021-26924

An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：39 | 回复：0
CVE-2021-27891

SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：51 | 回复：0
CVE-2021-27892

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：58 | 回复：0
CVE-2021-27893

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：51 | 回复：0
CVE-2020-4184

IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IB ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：52 | 回复：0
CVE-2021-20440

IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：43 | 回复：0
CVE-2021-3167

In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：39 | 回复：0
CVE-2020-24877

A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：50 | 回复：0
CVE-2020-25236

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：57 | 回复：0
CVE-2020-25239

A vulnerability has been identified in SINEMA Remote Connect Server (All versions V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the U ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：43 | 回复：0
CVE-2020-25240

A vulnerability has been identified in SINEMA Remote Connect Server (All versions V3.0). Unpriviledged users can access services when guessing the url. An attacker could impact availability, integrit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：51 | 回复：0
CVE-2020-25241

A vulnerability has been identified in SIMATIC MV400 family (All Versions V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP R ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：51 | 回复：0
CVE-2020-28385

A vulnerability has been identified in Solid Edge SE2020 (All versions SE2020MP13), Solid Edge SE2021 (All Versions SE2021MP4). Affected applications lack proper validation of user-supplied data whe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：65 | 回复：0
CVE-2020-28387

A vulnerability has been identified in Solid Edge SE2020 (All Versions SE2020MP13), Solid Edge SE2021 (All Versions SE2021MP3). When opening a specially crafted SEECTCXML file, the application could ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：59 | 回复：0
CVE-2021-23355

This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：51 | 回复：0
CVE-2021-23356

This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：47 | 回复：0
CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：62 | 回复：0
CVE-2021-25667

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions = V4.3 and V6.4), SCALANCE M-800 (All versions = V4.3 and V6.4), SCALANCE S615 (All versions = V4.3 and V6.4), SCALANCE SC-600 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：44 | 回复：0
CVE-2021-25672

A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take ov ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：53 | 回复：0
CVE-2021-25673

A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：58 | 回复：0
CVE-2021-25674

A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：57 | 回复：0
CVE-2021-25675

A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：54 | 回复：0
CVE-2021-25676

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions = V2.1 and V2.1.3). Multiple failed SSH authentication attem ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：36 | 回复：0
CVE-2021-27380

A vulnerability has been identified in Solid Edge SE2020 (All versions SE2020MP13), Solid Edge SE2021 (All Versions SE2021MP4). Affected applications lack proper validation of user-supplied data whe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：40 | 回复：0
CVE-2021-27381

A vulnerability has been identified in Solid Edge SE2020 (All Versions SE2020MP13), Solid Edge SE2021 (All Versions SE2021MP3). Affected applications lack proper validation of user-supplied data whe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：41 | 回复：0
CVE-2021-2055

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：24 | 回复：0
CVE-2021-2056

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：24 | 回复：0
CVE-2021-2057

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 19. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：24 | 回复：0
CVE-2021-2058

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileg ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：50 | 回复：0
CVE-2021-2059

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerab ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：24 | 回复：0
CVE-2021-2060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily explo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：22 | 回复：0
CVE-2021-2061

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：30 | 回复：0
CVE-2021-2062

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：37 | 回复：0
CVE-2021-2063

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：47 | 回复：0
CVE-2021-2064

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability all ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：26 | 回复：0
CVE-2021-2065

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：24 | 回复：0
CVE-2021-2066

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:47 | 阅读：20 | 回复：0